View previous topic :: View next topic |
Author |
Message |
petterg Guru
Joined: 25 Mar 2004 Posts: 500 Location: Oslo, Norway
|
Posted: Mon Aug 30, 2004 1:34 pm Post subject: Qmail-scanner and ClamAV problem |
|
|
I've installed Qmail-scanner 1.23 and clamav 0.75.
When a virus infected mail arrives I get this error:
Code: | X-Qmail-Scanner-1.23st:[some numbers] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2
qmail-inject: fatal: qq temporary problem (#4.3.0) |
I'm not sure if this is a good thing or not. It's good that when ppl send infected mails, they get an error, but it would be nice if the error was not "temporary", and informed the sender why he get the error.
SOFTLIMIT is 80MB - should be enough.
If I make clamd run as qscand it dies without any error - even when compiled with -debug.
Temparary I've made qmail-scanner run clamscan insted of clamdscan.
Any clues why this problem ocures? |
|
Back to top |
|
|
radulucian Apprentice
Joined: 05 Jan 2004 Posts: 151 Location: Bucharest Romania
|
Posted: Tue Sep 14, 2004 11:09 pm Post subject: |
|
|
i solved it by applying this quick FAQ:
http://www.clamav.net/faq.html
see if that is the case that applies to you (Q26) and come back with details if you don't manage to have it working.
Last edited by radulucian on Thu Nov 18, 2004 11:49 am; edited 1 time in total |
|
Back to top |
|
|
petterg Guru
Joined: 25 Mar 2004 Posts: 500 Location: Oslo, Norway
|
Posted: Fri Sep 17, 2004 10:43 am Post subject: |
|
|
Softlimit = 80MB should be enough. The faq sugest 40MB.
Clamd is running. As I wrote, if I make clamd run as qscand it dies without any error - even when compiled with -debug.
When making QmS 1.23 run clamscan instead of clamdscan, random virus infected mails passes unchecked through the scanner. The same virus test mail sent 10 times, only got detected 6 times!
I downgraded to QmS 1.16 and everything works, but I'd like to use QmS 1.23 if there was a way to make it work. |
|
Back to top |
|
|
radulucian Apprentice
Joined: 05 Jan 2004 Posts: 151 Location: Bucharest Romania
|
Posted: Thu Nov 18, 2004 11:50 am Post subject: |
|
|
i ran into the same problem again and it was solved the same way (the right way)
since the FAQ on the website i quoted seems to change it's numbers here's a quote that would solve your problem
Quote: | Most likely clamd is not running at all, or you are running Qmail-Scanner and clamd under a different uid. If you are running Qmail-Scanner as qscand (default setting) you could put User qscand inside your clamav.conf file and restart clamd. Remember to check that qscand can create clamd.ctl (usually located at /var/run/clamav/clamd.ctl). The same applies to the log file.
Another possibility is that your softlimit is set too low. Try raising it to 40MB at least. |
|
|
Back to top |
|
|
petterg Guru
Joined: 25 Mar 2004 Posts: 500 Location: Oslo, Norway
|
Posted: Sun Nov 28, 2004 4:28 pm Post subject: |
|
|
I've tried this with 3 servers now. The latest server was installed this weekend, and get the same problem every time!
Downgrading to QmS 1.16 seems to be the only way around.
I've tried running clamav as qscand. I've tried to run QmS as clamav. Softlimit is 80MB.
Aparently the only way to make QmS 1.23 work is to make it use clamscan insted of clamdscan, but then some random viruses passes trough undetected!
Am I the only one to get this problem? |
|
Back to top |
|
|
petterg Guru
Joined: 25 Mar 2004 Posts: 500 Location: Oslo, Norway
|
Posted: Sun Nov 28, 2004 10:02 pm Post subject: |
|
|
Clearly I have permission problems.... For the experiment I made clamd run as root - then everything worked!
The FAQ tells to run clamav (/etc/clamav.conf) run as qscand - which user clamav runs as doesn't seem to make any change. It's the user clamd (/etc/clamd.conf) that makes the stuff work.
The only error I get is from qmail-scanner:
Code: |
clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2
|
Even when clamav is compiled with the extra debug option enabled there is no error messages from it! |
|
Back to top |
|
|
petterg Guru
Joined: 25 Mar 2004 Posts: 500 Location: Oslo, Norway
|
Posted: Sun Dec 12, 2004 1:33 am Post subject: |
|
|
Can someone please tell me which files clamav / qscand needs access to?
I upgraded perl on a company server today, so qmail-scanner 1.16 does no longer work. QMS 1.24 works only if clamd is running as ROOT!
Somehow the eicar test virus (testmail #2) passes undetected trough the virus check when clamd is running as root. When running as qscand or clamav, clamd returns the error qouted in previous post when sending testmail #2.
Testmail #3 does get detekted when running as root. |
|
Back to top |
|
|
radulucian Apprentice
Joined: 05 Jan 2004 Posts: 151 Location: Bucharest Romania
|
Posted: Fri Dec 31, 2004 2:51 am Post subject: |
|
|
try this, if you haven't already, or given up already:
in /etc/conf.d/clamd
change first line to
START_CLAMD=yes
otherwise clamav online starts the freshclam process that is not detected by qmail_scanner upon execution.
this solved my problem with a default instalation and without any other modifications |
|
Back to top |
|
|
petterg Guru
Joined: 25 Mar 2004 Posts: 500 Location: Oslo, Norway
|
Posted: Fri Dec 31, 2004 8:02 pm Post subject: |
|
|
It's started, otherwise it wouldn't helped much to change the user it runs as. As it works great when running as root, I'm sure the problem is related to file premissions. All the files the documentation refers to I've made world writeable, but still I get the permission problem!
Is there any way to log all files a process tries to access, so I could debug this? |
|
Back to top |
|
|
derheld42 Tux's lil' helper
Joined: 31 Mar 2003 Posts: 97 Location: Washington, US
|
Posted: Sun Feb 27, 2005 8:39 am Post subject: |
|
|
Any idea if the error above could result in email getting dropped?
If that's the case (which I think it is)... qmail with qmail-mail-scanner.pl with spamassassin with clamav shouldn't drop email... Anybody else had this problem?
I think a bug report is in order, but I'm not sure which piece is at fault.... |
|
Back to top |
|
|
petterg Guru
Joined: 25 Mar 2004 Posts: 500 Location: Oslo, Norway
|
Posted: Sun Feb 27, 2005 9:04 pm Post subject: |
|
|
As posted - depending on which user it runs as it might drop mails with or withour errors. |
|
Back to top |
|
|
TheSlab n00b
Joined: 29 Apr 2004 Posts: 18 Location: Lanham, MD USA
|
Posted: Fri Jun 17, 2005 4:50 am Post subject: |
|
|
petterg wrote: | As posted - depending on which user it runs as it might drop mails with or withour errors. |
Did you ever figure this out petterg? The other admin on my server did a world update and i've been going crazy the last 6 hours trying to get email working. It's running as root now but I'd really like to not have that. Gonna look at it after I get back Sunday but figured I'd ask first. |
|
Back to top |
|
|
petterg Guru
Joined: 25 Mar 2004 Posts: 500 Location: Oslo, Norway
|
Posted: Fri Jun 17, 2005 11:47 pm Post subject: |
|
|
It's still running as root on all servers I'm adming.
Please post if you find a way to get around this. |
|
Back to top |
|
|
Casshan n00b
Joined: 07 May 2004 Posts: 53
|
Posted: Thu Jul 07, 2005 9:58 pm Post subject: |
|
|
Check permissions on:
/var/run/clamav
I had the same problem, and it can't create the pid file :0 |
|
Back to top |
|
|
petterg Guru
Joined: 25 Mar 2004 Posts: 500 Location: Oslo, Norway
|
Posted: Fri Jul 08, 2005 11:30 pm Post subject: |
|
|
I've carefully changed the ownership of clamav's run folder and logfolder every time i've changed the username it runs as... to no sucsess.
I've asumed that the folders should be owned by the user clamd is running as. Is that a bad thing? |
|
Back to top |
|
|
Casshan n00b
Joined: 07 May 2004 Posts: 53
|
Posted: Sat Jul 09, 2005 12:34 am Post subject: |
|
|
I have clamd running as the qmaild user I think, whichever one runs the qmail-scanner |
|
Back to top |
|
|
DrUberEgo n00b
Joined: 21 May 2005 Posts: 5
|
Posted: Mon Oct 10, 2005 1:54 am Post subject: Oh come on! hasn't anybody figured this out yet???? |
|
|
Three months later and apparently there's still no fix for this.
I'm in the same boat.
Here's some steps to reproduce...
1) emerge spamassassin
2) emerge clamav
3) emerge qmail-scanner
4) Spend all day figuring out that clamd and freshclam need to run as user qscand and NOT clamav
(This is something the ebuild maintainers should take care)
5) Change all qmail/spamassassin AND clamav file/directory and ownership to qscand:qscand
(which should be taken care of at the ebuild level.)
6) Find out that it still doesn't work!!!
7) Shoot yourself
What the heck is the fix for this???
it is ***NOT*** permissions or SOFTLIMITs so don't bother suggesting it. Don't believe me?...
Here's proof... clam stuff is running and running as qscand
root@mail:~# ps -elf | grep clam
1 S qscand 18417 1 0 76 0 - 8314 - 18:18 ? 00:00:00 /usr/sbin/clamd
1 S qscand 18419 1 0 75 0 - 3467 pause 18:18 ? 00:00:00 /usr/bin/freshclam -d
0 R root 18616 18246 0 75 0 - 654 - 18:29 pts/7 00:00:00 grep clam
Here are the ownerships of all clam files/directories:
-rw-r--r-- 1 root root 193 Oct 9 17:48 /etc/conf.d/clamd
-rwxr-xr-x 1 root root 2037 Oct 9 17:48 /etc/init.d/clamd
lrwxrwxrwx 1 root root 17 Oct 9 16:30 /etc/runlevels/default/clamd -> /etc/init.d/clamd
-rw-r--r-- 1 root root 8173 Oct 9 17:59 /etc/clamd.conf
-rw-r--r-- 1 root root 3257 Oct 9 18:00 /etc/freshclam.conf
drwxrwxr-x 2 qscand qscand 104 Oct 9 17:56 /var/lib/clamav
-rw-r--r-- 1 qscand qscand 97021 Oct 9 17:56 /var/lib/clamav/daily.cvd
-rw-rw-r-- 1 qscand qscand 2560365 Oct 9 17:48 /var/lib/clamav/main.cvd
lrwxrwxrwx 1 root root 17 Oct 9 18:18 /var/lib/init.d/started/clamd -> /etc/init.d/clamd
lrwxrwxrwx 1 root root 17 Oct 9 17:33 /var/lib/init.d/softscripts/clamd -> /etc/init.d/clamd
drwxr-xr-x 2 qscand qscand 104 Oct 9 17:48 /var/log/clamav
-rw-r----- 1 qscand qscand 11787 Oct 9 18:18 /var/log/clamav/clamd.log
drwxr-xr-x 2 qscand qscand 168 Oct 9 18:18 /var/run/clamav
-rw-rw---- 1 qscand qscand 5 Oct 9 18:18 /var/run/clamav/freshclam.pid
-rw-rw---- 1 qscand qscand 5 Oct 9 18:18 /var/run/clamav/clamd.pid
srwxrwxrwx 1 qscand qscand 0 Oct 9 18:18 /var/run/clamav/clamd.sock
-rwxr-xr-x 1 root root 1073 Oct 9 17:48 /usr/bin/clamav-config
-rwxr-xr-x 1 root root 34592 Oct 9 17:48 /usr/bin/clamdscan
-rwxr-xr-x 1 root root 47256 Oct 9 17:48 /usr/bin/freshclam
-rwxr-xr-x 1 root root 55448 Oct 9 17:48 /usr/bin/clamscan
-rwxr-xr-x 1 root root 1676 Oct 6 22:56 /usr/kde/3.4/bin/kmail_clamav.sh
-rwxr-xr-x 1 root root 67152 Oct 9 17:48 /usr/sbin/clamd
-rwxr-xr-x 1 root root 765 Oct 9 17:48 /usr/lib64/libclamav.la
lrwxrwxrwx 1 root root 19 Oct 9 17:48 /usr/lib64/libclamav.so -> libclamav.so.1.0.16
-rw-r--r-- 1 root root 274 Oct 9 17:48 /usr/lib64/pkgconfig/libclamav.pc
-rw-r--r-- 1 root root 567786 Oct 9 17:48 /usr/lib64/libclamav.a
-rwxr-xr-x 1 root root 314632 Oct 9 17:48 /usr/lib64/libclamav.so.1.0.16
lrwxrwxrwx 1 root root 19 Oct 9 17:48 /usr/lib64/libclamav.so.1 -> libclamav.so.1.0.16
drwxr-xr-x 2 root root 296 Oct 9 17:48 /usr/share/doc/clamav-0.87
-rw-r--r-- 1 root root 655 Oct 9 17:48 /usr/share/doc/clamav-0.87/clamav-milter.README.gentoo.gz
-rw-r--r-- 1 root root 735 Oct 9 17:50 /usr/share/doc/qmail-scanner-1.25-r1/contrib/test-clamd.pl.gz
-rw-r--r-- 1 root root 898 Oct 9 17:48 /usr/share/man/man1/clamdscan.1.gz
-rw-r--r-- 1 root root 6838 Oct 9 17:48 /usr/include/clamav.h
So yes, qscand does have accecss to what it needs since I have recursively set
ownership of /var/lib/clamav, /var/log/clamav and /var/run/clamav to qscand:qscand.
Ho yea... the memory problem...
root@mail:~# grep SOFTLIMIT /var/qmail/control/conf-common
SOFTLIMIT_OPTS="-m 64000000"
So fpppppt if you think that's the problem.
Oh... did I forget to restart something?...
root@mail:~# /etc/init.d/svscan stop
* Stopping service scan ... [ ok ]
* Stopping services ... [ ok ]
* Stopping service logging ... [ ok ]
root@mail:~# /etc/init.d/clamd stop
* Stopping clamd ... [ ok ]
* Stopping freshclam ... [ ok ]
root@mail:~# /etc/init.d/spamd stop
* Stopping spamd ... [ ok ]
root@mail:~# ps -elf | grep qmail
0 S qmaild 18617 1 0 75 0 - 2038 - 18:29 pts/5 00:00:00 /var/qmail/bin/qmail-smtpd
0 S root 19005 18246 0 76 0 - 653 pipe_w 18:43 pts/7 00:00:00 grep qmail
root@mail:~# kill -TERM 18617
root@mail:~# ps -elf | grep qmail
0 R root 19007 18246 0 77 0 - 653 - 18:43 pts/7 00:00:00 grep qmail
Start everything from scratch...
root@mail:~# /etc/init.d/clamd start
* Starting clamd ... [ ok ]
* Starting freshclam ... [ ok ]
[1]+ Done emacs clamfiles
root@mail:~# /etc/init.d/spamd start
* Starting spamd ... [ ok ]
root@mail:~# /etc/init.d/svscan start
* Starting service scan ... [ ok ]
And yet...
root@mail:/usr/share/doc/qmail-scanner-1.25-r1/contrib# ./test_installation.sh -doit
QMAILQUEUE was not set, defaulting to /var/qmail/bin/qmail-scanner-queue.pl for this test...
Sending standard test message - no viruses...
done!
Sending eicar test virus - should be caught by perlscanner module...
X-Qmail-Scanner-1.25st:[mail112890882871826055] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2
qmail-inject: fatal: qq temporary problem (#4.3.0)
Bad error. qmail-inject died
So it *STILL* doesn't work!
Has anybody figured this out yet?
- Jeff
And, as an aside: The second worst mistake a programmer can make is to produce
general error messages. (The first being no error messages at all; but general messages
are just about as bad.) Error messages should point out the specific action that
failed and why if at all possible. This general "corrupt or unknown clamd scanner error or
memory/resource/perms problem" is absolutely useless to the point of being frustrating.
I fixed perm problems and I fixed memory problems. What... am I suppose to guess
what I'm suppose to fix next? clamdscan (or whatever program is encountering an
error) should log it and *specifically* tell you what it tried to do and couldn't. |
|
Back to top |
|
|
Kooky n00b
Joined: 10 Sep 2005 Posts: 23 Location: Mannheim
|
Posted: Sat Feb 18, 2006 11:50 pm Post subject: |
|
|
I know this is a post from last year but i had the same problem today.
Here is how i solved it:
Clam Config:
USER qscand
chown -R qscand /var/log/clamav
chown -R qscand /var/run/clamav
softlimit 40.....
(all the things that you can read everywhere)
AND:
chmod u+s /var/qmail/bin/qmail-scanner-queue.pl
(and also USE="perlsuid" emerge -avuN perl)
Maybe it will help other people.
Greets Kooky |
|
Back to top |
|
|
Gio n00b
Joined: 01 Jul 2002 Posts: 19 Location: Wheaton, IL USA
|
Posted: Mon Apr 10, 2006 2:29 pm Post subject: Yep - that helps. |
|
|
Helped me, thanks Kooky. |
|
Back to top |
|
|
chamont n00b
Joined: 18 Jun 2004 Posts: 3 Location: Pleasant Grove, Utah (USA)
|
Posted: Thu Apr 13, 2006 4:49 am Post subject: Another me too |
|
|
Kooky you rock. Worked great for me as well. Some random update in the past day or two must have gotten me. |
|
Back to top |
|
|
TheNewb Apprentice
Joined: 10 Jun 2005 Posts: 183
|
Posted: Wed May 03, 2006 5:45 am Post subject: |
|
|
Took me a long time to figure this out before I found this post... Many thanks! Got me up and running. _________________ #define struct union /* A Real space saver! */ |
|
Back to top |
|
|
lcj Tux's lil' helper
Joined: 25 Apr 2004 Posts: 82 Location: Opole, Poland
|
Posted: Fri Jun 15, 2007 6:56 pm Post subject: |
|
|
@DrUberEgo
Please check this your setup matches mine:
Code: |
-rws--x--x 1 qscand qscand 3168 Aug 9 2006 /var/qmail/bin/qmail-scanner-queue
-rwxr-xr-x 1 qscand qscand 140111 Dec 27 00:10 /var/qmail/bin/qmail-scanner-queue.pl
|
I was maybe on the same level of frustration, but I had one server running, so I checked the perms once more. _________________ --
Lukasz C. Jokiel via web |
|
Back to top |
|
|
ycUygB1 Apprentice
Joined: 27 Jul 2005 Posts: 276 Location: Portland, Oregon
|
Posted: Sun Sep 01, 2013 8:30 pm Post subject: |
|
|
Follow the comments of Antarctica here: http://qmailrocks.thibs.com/qmail-scanner.php,
which worked for me. To avoid making you click yet another link, here are the instructions:
Using visudo, add
Code: | ALL ALL=(qscand) NOPASSWD: /var/qmail/bin/qmail-scanner-queue.pl |
Near line 71, add to /var/qmail/bin/qmail-scanner-queue.pl
Code: | $ENV{'PATH'}='/bin:/usr/bin';
$whoami = getpwuid($<) || "unknown";
if($whoami ne "qscand") {
exec("/usr/bin/sudo -u qscand /var/qmail/bin/qmail-scanner-queue.pl") || die;
} |
Then redo the test, and it should work:
Code: | # cd /usr/share/doc/qmail-scanner-2.08/contrib/
# ./test_installation.sh -doit --log-details syslog
Sending standard test message - no viruses... 1/4
done!
Sending eicar test virus - should be caught by perlscanner module... 2/4
done!
Sending eicar test virus with altered filename - should only be caught by commercial anti-virus modules (if you have any)... 3/4
done!
Sending bad spam message for anti-spam testing - In case you are using SpamAssassin... 4/4
If you have enabled $sa_quarantine, $sa_delete or $sa_reject the
spam-message wont't arrive to the recipients. But if you have enabled
(good idea!) 'minidebug' or 'debug' you should check
/var/spool/qscan/qmail-queue.log (or where ever you have the log).
Done!
Finished test. Now go and check Email sent to postmaster@tough-widgets.com and/or the log..
|
Last edited by ycUygB1 on Mon Sep 02, 2013 1:03 pm; edited 1 time in total |
|
Back to top |
|
|
|